With the introduction of Bring Your Own Device (BYOD) policies into corporate and government enterprises, there is much concern about whether the device user is in fact the device owner, or authorized user, and whether the user has permission to access and manipulate enterprise data (from an enterprise server) held on the device. This same concern is present in mobile payment systems, where there are more and more cases of fraudulent card use and identity theft, which cost the banks and the consumer billions of dollars annually. These are very realistic concerns since about 5% of mobile devices and personal digital assistants (PDA's) are lost or stolen each year and counterfeit cards, created from illegally obtained, large lists of existing card numbers, are being used to defraud banks and the consumer. Many of the mobile devices and payment cards are not protected from fraudulent use by any method which would meet the requirements of a security-conscious organization. If the enterprise insists upon the user protecting the device (and access to the enterprise server) with a complex, changing password, the user resists this because of the difficulty of remembering and entering the password. If the device is protected by just a 4-digit PIN, this can be easily hacked in less than a minute or two, with a brute force attack. Many devices are not protected at all and the mobile device or payment card, falling into wrong hands can be a personal or corporate disaster or both.
Increasingly now, payment systems involve a mobile device or a POS terminal with electronic signature capture and may involve an integrated circuit payment card to “identify” the user. However in the event the card is a counterfeit copy or if it or the mobile device has been lost or stolen, a PIN, on its own, provides little defense.
Software solutions, based upon biometrics and other methods, do not necessarily solve the problem, since mobile device and POS terminal software can be changed by malware introduced by nefarious entities.
This invention solves the problems of:                1) Tying the user to a mobile device or Integrated Circuit card with a very high probability        2) Asserting a trusted mobile device ID or Payment card ID using hardware elements of the mobile device, an ASIC or IC component        3) Releasing trusted credentials or an authentic signature to a relying party        4) Providing strong encryption for data at rest and in transit        5) Providing tamper-proof software applications.        
The invention addresses the implementation of hardware rooted mobile device ID generation and user identity verification, through biometric means incorporated into the Mobile Device itself, or into an Application Specific Integrated Circuit (ASIC) device, on or connected mobile device. It can also be applied to the integrated circuit of an IC chip card integrated into or connected to a stand-alone computer. The functions are accompanied by software signing techniques with a local biometric template, and data encryption to help ensure a secure operating environment for the mobile device or IC payment card. The stand-alone computer may be a POS terminal with an integrated IC card reader and signature capture capability, or a consumer mobile device.
The following description extracts salient parts of U.S. patent application Ser. No. 12/931,340, and adds to it new and improved aspects to create this Application.